Changing DNS Nameserver on a Mac via Terminal
You can remotely - via SSH or terminal - change the nameserver on your Mac and lock your settings to prevent changes.
Mac's allow you to quickly change the DNS Nameserver via the Settings->Network screen. It takes a few minutes and works for most use cases. However, if you want to remotely (and automatically) configure CleanBrowsing on multiple Mac computers, you may need a different approach. This document will guide you on how to do the DNS changes using your terminal.
This tip here is for more technical users that are familiar with running commands via the terminal. You can also follow our step-by-step setup for Mac here.
Networksetup + chflags
Macs come with the networksetup and the chflags cli utilities that allow you to configure the network and set files as immutable. That's all you will use to change the Nameservers and lock it from being modified again.
First, you run the networksetup tool and set the DNS servers by using the -setdnsservers flag:
sudo networksetup -setdnsservers Wi-Fi 188.8.131.52
That will force Wi-Fi to go through CleanBrowsing (184.108.40.206). If it works, you won't get any warning or error in the terminal.
Second, once that is done, you need to set the file /Library/Preferences/SystemConfiguration/preferences.plist as immutable with chflags. That's where the Mac stores your network settings.
sudo chflags schg /Library/Preferences/SystemConfiguration/preferences.plist
And that's it. With these 2 commands you will change the DNS servers and block anyone from making changes in the future. You can automate them on your deployment scripts to force all Macs to be configured the same way.